TREASURY INSPEcTOR GENERAL
FOR TAX ADMINISTRATION
THE INTERNAL REVENUE SERVIcE NEEDS TO IMPROVE
TREATMENT OF TAXPAYERS DURING OFFIcE AUDITS
Reference No. 093602
A previous audit report titled, Examination Divisionís Use of Performance Measures and Statistics, dated July 7, 1998, identified concerns that led us to look at whether Examination Divisionís emphasis on enforcement results caused taxpayers to be treated improperly. Our review focused on the individual tax returns selected for office audit through means other than the Discriminant Index Function (DIF), primarily through the Midwest Automated compliance System (MAcS).
In the last several years, the Internal Revenue Service (IRS) has migrated away from the traditional DIF system for selecting individual returns for audit. In 1997, more than half of the audited individual returns selected came from non-DIF sources. This migration away from the DIF system can increase IRSí risk that tax return information could be misused. To mitigate the risk, the system of controls must keep pace with the new and innovative ways of doing business, such as using MAcS to identify and select returns for audit.
Given the extent of control breakdowns identified during this audit, we cannot give assurance that IRS employees selected returns for examination fairly or that they protected taxpayersí personal and financial data from unauthorized and improper disclosure. We also noted inappropriate actions taken by examiners and managers during the initiation and closing of audits that may have led to improper taxpayer treatment. In some instances, examiners may have violated laws or regulations. In other instances, IRS procedures were not followed.
Weaknesses in the MAcS control Environment Unnecessarily Exposed Taxpayer Return Data to Browsing and Increased the Risk That Employees could Selectively Target Individuals for Audit
Traditionally, DIF has been the primary workload identification system used to select individual tax returns for office audits. DIF scores each return for potential errors by means of a mathematical formula. The higher the score, the greater the probability for error. When the computer selects a return because of a high DIF score, an employee, generally in one of IRSí Service centers, screens the return for some obvious explanation or innocent error. If none is found, the questionable return is usually forwarded to the district for audit consideration. This process provides IRS with controls to (1) identify and select returns for audit and (2) separate the duties among employees identifying, selecting and auditing tax returns.
comparatively, MAcS gives IRS employees a new and innovative way of identifying and selecting returns for audit. MAcS provides IRS employees in district offices the ability to use locally-derived, and possibly subjective, criteria to both identify and select returns for audit from the millions of returns filed within the districtís geographical boundaries.
IRS reports that MAcS, unlike most other IRS computer systems, has controlled access protection to prevent and detect unauthorized access and misuse of taxpayer data. Officials in IRSí National Office developed comprehensive guidelines that outline additional procedures and controls to aid in protecting the security and privacy of taxpayer information on MAcS. However, our tests and on-site visits to 14 district office MAcS sites found a combination of factors that seriously undermined the entire MAcS control environment. For instance:
Actions Taken by Examiners and Managers During the Initiation and closing of Non-DIF Audits Led to Improper Taxpayer Treatment
Although IRS has established procedures to protect taxpayers during audits, we found examples of what we consider to be improper taxpayer treatment during the initiation and closing of office audits. For example:
Summary of Recommendations
The risk of selectively targeting taxpayers for examination and exposing the personal and financial data of millions of taxpayers to browsing and improper disclosure could be easier managed by centralizing the MAcS sites. A better separation of duties could be achieved between the IRS employees responsible for identifying potential MAcS returns for audit and the employees responsible for conducting the examination by locating MAcS in offices other than those that will be working the audits.
IRS management also needs to strengthen specific IRS controls and procedures for initiating and closing audits. These include (1) making sure examiners and managers are knowledgeable of procedures designed to protect taxpayers during audits and (2) expanding the quality assurance controls to address taxpayer rights.
Due to the significant risks inherent in the selection, initiation, and closing of examinations, and the current state of the controls designed to mitigate those risks, these areas should be declared material weaknesses under the Federal Managerís Financial Integrity Act (FMFIA).
Management's Response: The commissioner of the Internal Revenue Service provided comments on a draft of this report in a February 12, 1999, letter.
With the exception of centralizing MAcS sites, the commissioner agreed to take corrective actions that are consistent with our recommendations. Instead of centralizing MAcS sites, he believes that the management of MAcS should be centralized as a short-term solution to the issue. Our subsequent discussions with IRS officials indicate they are considering centralizing management oversight of MAcS under a National Office analyst. IRS officials envision the analyst would be responsible for reviewing and approving MAcS research requests. We still believe MAcS sites need to be centralized, but see this interim solution as a step that would provide for a better separation of duties and enable IRS to easily identify misuses of MAcS after they occur.
The commissionerís comments on findings can be found at the end of our recommendations. Appendix IV contains IRS managementís complete response